I don’t agree with it. You can’t believe everything you read in Wired. The “information should be free” movement is just modern techno-geek Marxism, and it’s only sillier the second time around.
People and companies exposing buggy software to untrusted parties deserve to have it exploited to their disadvantage. Maliciously attacking software systems by submitting data crafted to trigger security-critical bugs should not be illegal in any way.
That may be so now, but that doesn’t mean it’s impossible to change it. That the current default state for software is “likely insecure” reflects the fact that the market price for software security is lower than the cost of providing it.
Laws against software attacks raise the cost of performing such attacks, and therefore lower the incentives for people to ensure the software they use is secure. I think it would be worth a try to take that illegality away, and see if the market responds by coming up with ways to make software secure.
You can’t get really good physical security without expending huge amounts of resources: physical security doesn’t scale well. Software security is different in principle: If you get it right, it doesn’t matter how many resources an attacker can get to try and subvert your system over a data channel—they won’t succeed.
I don’t agree with it. You can’t believe everything you read in Wired. The “information should be free” movement is just modern techno-geek Marxism, and it’s only sillier the second time around.
All software is buggy. All parties are untrusted.
That may be so now, but that doesn’t mean it’s impossible to change it. That the current default state for software is “likely insecure” reflects the fact that the market price for software security is lower than the cost of providing it.
Laws against software attacks raise the cost of performing such attacks, and therefore lower the incentives for people to ensure the software they use is secure. I think it would be worth a try to take that illegality away, and see if the market responds by coming up with ways to make software secure.
You can’t get really good physical security without expending huge amounts of resources: physical security doesn’t scale well. Software security is different in principle: If you get it right, it doesn’t matter how many resources an attacker can get to try and subvert your system over a data channel—they won’t succeed.